From: Peter Wood
Organization: Alastria Networks
Date: Thu, 01 Sep 2005 21:57:50 +0100
To: freebsd-net@freebsd.org
Subject: VLANs / Bridging / BPDU
Message-ID: <43176B4E.8080006@alastria.net>

Evening,

I'm having an issue with using vlans and bridging. The issue is probably something that can be fixed in either FreeBSD or in the Cisco IOS. I'll explain what I have.

I've got an external router that's sitting on vlan 20, also on 20 is a FreeBSD gateway which I intend to use as a firewall for the raw internet. The gateway also sits on 10 to pass the data to the machines protected by it. Or that was the plan anyway, a shortened (snipped media/mac) version of my ifconfig is as follows:

    raw0: flags=8842 mtu 1500
            status: active
            vlan: 20 parent interface: em0
    dmz0: flags=8843 mtu 1500
            inet 10.3.0.101 netmask 0xfff80000 broadcast 10.7.255.255
            status: active
            vlan: 10 parent interface: em0

So the idea is raw0 (renamed vlan interface) accepts the traffic from the router, lets ipfw do its work and then spits it back out via dmz0. As you can see both cloned vlan interfaces are on em0 on an 802.1Q trunk to a Cisco 2950.

I am however having an issue with BPDU, the Cisco recognizes what it considers to be a loop in the topology. What I assume is that the Cisco is sending a BPDU packet out on VLAN10, the FreeBSD machine is passing that packet back out via VLAN20 (as I guess the bridge should), which the Cisco receives again, assumes a switch loop and blocks both of the vlan interfaces.

Cisco errors are as follows:

    %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 20 on GigabitEthernet0/1 VLAN10.
    %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on VLAN0020. Inconsistent peer vlan.
    %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on VLAN0010. Inconsistent local vlan.

Now after writing this I'm thinking it's more a switch issue than a FreeBSD one, especially as the only other hit for the first Cisco message (apart from Cisco docs) is a thread for Linux describing exactly the same problem with their bridging, which can be seen at:

http://www.mail-archive.com/bridge@lists.osdl.org/msg00147.html

However if anyone has any suggestions or has seen this issue, I'd be very grateful. Would it be possible to get the bridge to block BPDU (ugly hack I'm sure)?

Cheers,
Pete.

-- Peter Wood BSc (Hons) :: :: Tel +44 1606 828010
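
An added example, not part of the original post: a small Python parser that correlates the three SPANTREE messages quoted above into one finding per port, so a switch log can be checked for which VLAN pair is being joined by a bridge on a trunk. The function name and the finding fields are made up for this illustration; the sample log is the three messages from the post, one per line.

```python
import re
from collections import defaultdict

# Sample input: the three switch messages quoted in the post, one per line.
SAMPLE_LOG = """\
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 20 on GigabitEthernet0/1 VLAN10.
%SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on VLAN0020. Inconsistent peer vlan.
%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on VLAN0010. Inconsistent local vlan.
"""

# VLAN numbers appear both unpadded (VLAN10) and zero-padded (VLAN0010).
RECV = re.compile(r"%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent "
                  r"peer vlan id (\d+) on (\S+) VLAN0*(\d+)\.")
BLOCK = re.compile(r"%SPANTREE-2-BLOCK_PVID_(?:PEER|LOCAL): "
                   r"Blocking (\S+) on VLAN0*(\d+)\.")


def pvid_findings(log_text):
    """Return one dict per (port, local VLAN, peer VLAN) seen in RECV_PVID_ERR."""
    mismatches = defaultdict(int)   # (port, local_vlan, peer_vlan) -> count
    blocked = defaultdict(set)      # port -> VLANs the switch says it blocked
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m:
            peer, port, local = int(m.group(1)), m.group(2), int(m.group(3))
            mismatches[(port, local, peer)] += 1
            continue
        m = BLOCK.search(line)
        if m:
            blocked[m.group(1)].add(int(m.group(2)))
    findings = []
    for (port, local, peer), count in sorted(mismatches.items()):
        findings.append({
            "port": port,
            "local_vlan": local,    # VLAN the BPDU arrived on
            "peer_vlan": peer,      # VLAN id reported inside the BPDU
            "count": count,
            # True when the switch has blocked the port on both VLANs
            "both_blocked": {local, peer} <= blocked[port],
        })
    return findings


if __name__ == "__main__":
    for finding in pvid_findings(SAMPLE_LOG):
        print(finding)
```
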